vmworld 2009 Impressions #01

Author
Peter Welcher
Architect, Operations Technical Advisor

Sunday 8/30/09 

Updated Monday 8/31/09 and Monday 9/7/09

I’m attending VMWorld in San Francisco this week, August 31, 2009 to September 3, 2009. Purpose: to learn more about the business and technical impacts of VMware and virtualization. I hope to blog this week and pass along my impressions, energy levels and hours in the day permitting. Even live from Moscone Center! 

By the way, Chesapeake Netcraftsmen has become a VMware partner.

We expect the Cisco Unified Computing (UCS) and 1000v to have a lot of impact on data centers and their design. Indeed, some of my recent blogs have been coming at this from the other side, namely, what I see currently being done that might be improved with something like vSphere and the Cisco 1000v. It’s bad enough managing servers you can see — virtualized ones can use a bit more discipline. It gets messy fast when the VM’s on a physical server aren’t all configured consistently, or in some small number of ways. And try troubleshooting, when the server admin can’t tell you how the server logical NIC’s relate to the physical NIC’s. But portions of that rant are already in one of my prior blog articles!

Update: Monday 8/31. I’ve put some additional comments and updates / corrections into this article in blue.

Update: Monday 8/31. See https://netcraftsmen.com/blogs/entry/vmworld-2009-impressions-02.html for impressions and notes from Monday 8/31 that don’t relate to the topics in this blog article. 

The VMware Product Suite

Since the conference hasn’t started yet, I thought I’d prep and do some background activity by reviewing the VMware product suite. And I hope to share some thoughts (ramblings) about that…

I still recall my first visit a few months ago to www.vmware.com. When I went to the products page, at http://www.vmware.com/products/product_index.htm, I was a bit overwhelmed. A year or two ago, I’d downloaded the free VMware Server and explored using it for lab testing network management freeware and trial versions. Whereupon I got severely squeezed on time. While I was distracted, VMware was apparently maturing rapidly and adding products. So when I went back more recently, the number of products had increased dramatically. I’d heard of VMotion, but it took a while to figure out that ESX was the basic product that enabled VMotion. The initial market was for VM’s, but then the need to centrally manage them became apparent, creating a secondary tool market.

Well, now the home page starts out by clearly stating that vSphere is the product that runs multiple OS’s (Operating Systems) on a single system. See http://www.vmware.com/products/vsphere/mid-size-and-enterprise-business/buy.html for the various Mid to Large Enterprise versions (licenses / feature sets). And see http://www.vmware.com/products/vsphere/small-business/buy.html for the Essentials / Essentials Plus features and packages.

The VMware pages also mention 80% reduction in energy costs. That part I totally get. If I can consolidate 1200 servers into a couple of racks of blade servers running VM’s (Virtual Machines), the power savings seem pretty clear. Of course, if I don’t make solid use of my physical hardware, or my data center gets VM bloat, then maybe not….  Heating and cooling for data centers are also related to square footage, as are other facilities costs — so shrinking the data center has benefits as well. 


Sidetrack: Of course the VMware web site has its sales aspects. For those who need a business case for VMware, there’s a whole Solutions page, mentioning topics like Cost Savings (less hardware, space, etc.), BC/DR (a snapshot of a server that can easily be moved and run anywhere has clear implications for BC/DR), and so on. The basic idea has been around for quite a while. I have a book by two Sun authors, pointing out that for true Service High Availability, when a server application craters, you should first rebuild it and get the service back on the air before trying to figure out what went wrong. If you have a good automated server build process, that works. With VMware, you have a snapshot of the server in a pristine state, so the build part becomes ridiculously easy!

[INSERT TITLE / AUTHORS HERE — I don’t have the book handy right now. Yellow and black striped cover, at home!] 

[I also liked http://www.amazon.com/Blueprints-High-Availability-Evan-Marcus/dp/0471430269/, but that’s not it.]

One idea about power saving is a slick, new-to-me, fairly obvious exploitation of the VMotion capability. Not only does consolidation help, but exploiting VMotion can also help. I.e. evenings or weekends, when load is less, shift VM’s to some servers, allowing others to be powered off.


The starting point (from a new-to-VMware perspective) is perhaps VMware ESXi 4.0. The slideware showed how easy it is to get started. I’m convinced that with no knowledge, someone could install and be up and running in about 10 minutes. The neat marketing thing they’ve done is that ESXi 4.0 is a full image, you just install VMware vCenter, and buy / install vSphere licensing to enable the advanced features. (See below). The key difference is that ESXi lets you partition one physical server, whereas vSphere manages VM’s across many.

Impression: the user interface is even easier to use than the older version I’d used — and that was by no means rocket science. So there will be a LOT of ESXi and VM’s deployed, and as the scale goes up, sites will need to buy vSphere to manage it all. And from our point of view, sites will hopefully use Cisco 1000v or Cisco switches to connect all those VM’s up in an organized way. (Believe me, at this scale, you don’t want dis-organized. 🙂  )

Concerning hardware, ESXi 4.0 apparently will run on my present laptop (if I wished to convert it to VM’s). Modulo it not being a 64 bit CPU. (The older version of ESX 3.5 could be used instead.)  My point: not all that much in resources. The bare-metal hypervisor prefers dual core CPU, min of 2 GB RAM, recommended 2 NIC’s or more (one management access, the rest for VM use), reasonable disk space.

Anecdote: one of the speakers has VM’d his laptop, and accesses it from a small webtop (using RDP). My reaction is that’s fine as long as you have good “web-tone” anywhere you need to work … I generally don’t. But that’s a self-sufficiency versus convenience / security trade-off, where I’ve made a personally relevant choice. 

A good point that was made about bare-metal hypervisors is that, with a 100 MB image (versus about 2 GB for older ones), they’re small, with less code, hence more reliable. And they remove underlying OS quirks and driver issues, providing greater reliability.

ESX versus ESXi. The former is the VMKernel plus a Linux-based Service Console (which allows scripting). ESXi is smaller and just the limited VMKernel: it has a smaller security attack surface, and it is also the stated future direction.

VMware vCenter Server (formerly VirtualCenter) provides central management of VMware environments. For what it’s worth, I gather there are a number of vendors pushing “vendor-neutral” products, to manage VM’s across virtualization vendors. One wonders about the fidelity of the management, given that different vendors have different approaches to virtualization. I always worry about lowest common denominator products, and the interesting bugs they can exhibit. I also wonder about performance impact. I also wonder about the market share viability — but the server management space is huge compared to networking, and there seem to be far more viable products and vendors. There are those pushing for open standards in virtualization. Competition is good. Having several different ways to virtualize servers just seems like a good way to add more complexity to the server / application management space.

vCenter Lab Manager manages a dev/test environment. Other products manage capacity, site recovery, configuration, and other facets.

VMware Workstation lets you run multiple VM’s and OS’s on a PC, desktop or laptop, and preserve the state of any of them with a “snapshot”. Mac users probably already know about VMware Fusion, which runs Windows on their Mac. (The Mac vs. PC commercials make me think of this as the PC-guy-in-jacket-and-tie somehow jammed into a virtual box running in the Mac guy’s brain… probably not a good visual image to have…) VMware ThinApp isolates an application from the OS, so you can run it from any media without admin privileges, with patching or upgrades while the application is running.

VMware View (formerly Virtual Desktop Infrastructure = VDI) provides virtual desktops, with a view from any PC. The attraction is centralized control and security with rapid access to data, somewhat like the original Citrix but with each user having a fully isolated virtual machine, rather than a terminal running off a server. Because the virtual desktop is isolated from the computer the view is running on, there is (allegedly) no risk of security policy compromise.

I’ve been working with a government organization that has 3,000 virtual desktops for teleworkers. Because of that, I’ve recently been tuned into (paying attention to) the discussions, blogs, and articles I see on that topic. It’s clear there is a spectrum of solutions in the Virtual Desktop space alone, from different vendors. With different emphases and features, of course. Some provide cache synch so remote desktops can operate when there is no connectivity. Others run the virtual desktop on data center server hardware, and you must have connectivity to synch screens with your piece of a server. More on this at some later date.

Anyway, VMware View is the VMware control tool for creating and managing virtual desktops, and includes Composer and ThinApp (in the Premier version) — see below. 

VMware View Composer provides virtual desktops which share virtual disks with a “master image”, reducing storage / backup needs.

VMware ACE centrally manages virtual desktops.

VMware Player runs VM’s created by VMware Workstation, Fusion, Server, or ESX, or Microsoft Virtual Server or Virtual PC VM’s. I’ve used this to run SAGE on Windows. SAGE is a free open-source mathematics program — think open-source Mathematica. It does Calculus, all sorts of algebra and symbolic math, graphing, lighting model 3-D graphics, and the kitchen sink. Neat stuff (as long as you have the disk space for it).

There is a key product I don’t see talked about explicitly: VMware vCenter Converter. It converts physical machines to VM’s (P2V = Physical to Virtual). It also converts VM’s between formats (“V2V”). 

That seems pretty useful and important to me, which is why I’m mentioning this. I knew the capability was there, I just wasn’t quite sure how / where it was packaged. See http://www.vmware.com/products/converter/.

The Standalone version can be downloaded for free. The vCenter version is a bit more capable (see the URL for details), and more tightly integrated. The claim is that the vCenter Converter saves time hence money, doing physical to VM conversions.

The other ways to create VM’s: create a VM, install OS and apps on it, or attach to a file with an ISO image and install from the ISO image. (The demo showed installing Ubuntu Linux on a VM while the presenter did other things with his laptop VM, remotely.)

Good book: Mastering VMware vSphere 4, by Scott Lowe. The first chapter goes through the above in more detail, along with the licensing options. Very helpful!

One response to “vmworld 2009 Impressions #01”

  1. Dr Pete,

    You are correct that VMware vCenter Converter is a key aspect to an ESX implementation. This is probably the most common way to virtualize a physical machine because, well – it’s simple 🙂

    Either way, good content and thanks for reporting.

    Jason
